Messages

1

20.7 Legacy Series / Re: New Traffic Reporting useless

« on: May 03, 2021, 07:24:15 pm »

Traffic reporting is really pretty and I love animation and how smooth side scrolling is but it needs few improvements to be useful:

1 pause button - so one can inspect the data w/o it disappearing into the abyss
2 would it be possible to show source and destination in the 'speech cloud'?
3 longer time frame option -  current one is just too short
4 top talkers tab should allow sorting by clicking on particular column header

thank you

2

20.7 Legacy Series / Re: How to troubleshoot Netflow?

« on: September 17, 2020, 03:27:48 pm »

Thanks.  Debug sounds like a non-production setting which I will try to avoid for now.  My concern is mostly about unknown unknowns -if I cannot see/detect this UDP stream - what else am I missing?

Internet apps are becoming more and more like malware, trying to bypass LAN for better user experience or to send telemetry to get a leg up on the competition.  I, on the other hand, want to know what is going on within my LAN 

3

20.7 Legacy Series / Re: How to troubleshoot Netflow?

« on: September 17, 2020, 04:51:43 am »

Thanks for the tips.  I could not find pf.conf nor I could find information on UDP state timout value in opnsense in the docs.

Only found this feature request to make it adjustable: https://github.com/opnsense/core/issues/1330

In the meantime, I re-entered all netflow info, rebooted and now Elastiflow's logstash is receiving the traffic.

Firewall live view continues to see no traffic going to port 2055 -except localhost:2055 which is interesting since insight is turned off... 

4

20.7 Legacy Series / Re: How to troubleshoot Netflow?

« on: September 14, 2020, 10:37:38 pm »

That's what baffles me - all rules that are listed in GUI, autogenerated and manual, are logging(except ivp6 as I have ipv6 blocked and turned off).  Firewall's live view has no record of traffic going to my netflow collector IP.

However, connection does show up under Firewall: Diagnostics: States Dump

5

20.7 Legacy Series / Re: How to troubleshoot Netflow?

« on: September 14, 2020, 05:04:58 pm »

tcpdump shows UDP packets sent to the flow collector. 

It concerns me that firweall shows no traffic.  What can I enable so firewall logs all of the connections?

6

20.7 Legacy Series / How to troubleshoot Netflow?

« on: September 14, 2020, 02:53:49 pm »

Hi have netflow export setup to external IP, 192.168.1.9:2055  but I do not see any traffic in the firewall alerts going to destination port or IP (blocked or allowed). 

What's the best way to confirm that traffic is flowing or confirm that netflow is working?

7

20.7 Legacy Series / Re: Overview of rules and usage

« on: September 09, 2020, 10:06:55 pm »

@Xelas good point, I know cisco does and monowall had this feature, similar to display settings in Windows where change is reverted if not confirmed working (presumably because you're locked out).

8

20.7 Legacy Series / Re: Is there a wa to turn off "let out anything from firewall host itself" rule?

« on: September 09, 2020, 09:55:05 pm »

Good to know that I can turn off the firewall completely, however I just want full control of the firewall, not to get rid of the firewall altogether.

At the least, I would be happy if OPNsense allowed custom rules to take precedence over automatically generated ones...or have ability to turn them off if getting rid of them would break scripts.

9

General Discussion / Re: IPv6 working inconsistently, strange firewall behaviour

« on: September 09, 2020, 03:58:25 am »

I'm new to opnsense and I don't know what I'm doing but I would try to turn off hardware network features, especially LRO:

https://docs.opnsense.org/manual/interfaces_settings.html

10

General Discussion / Re: Autogenerated FW rule is misleading : let out anything from firewall host

« on: September 09, 2020, 12:03:31 am »

It seems we are looking for same answers.  One thing of note is that this rule supposed (gray lightning bolt) to evaluate last so I think it would be possible to add custom rule negating it in whole or partially.

11

General Discussion / Re: Clearing Automatically Generated Rules

« on: September 08, 2020, 11:47:52 pm »

I'm new to opnsense, have the same question, and based on my searches (how I found this thread) it appears that it is not possible to turn off autogenerated rules. 

12

20.7 Legacy Series / Re: Multiple DHCP clients on interface

« on: September 08, 2020, 10:03:16 pm »

I'm starting with opnsense, still, I would suggest to check if multiwan can do what you are after.

13

20.7 Legacy Series / Is there a wa to turn off "let out anything from firewall host itself" rule?

« on: September 08, 2020, 09:55:55 pm »

Is there a way to turn off "let out anything from firewall host itself" rule or other automatically created rules that do not have the looking glass icon?

14

20.7 Legacy Series / How to supress logging of automatic rules?

« on: September 08, 2020, 09:53:58 pm »

I'm getting a lot of entries from OPNsense rules.  Is there a way I suppress logging from automatically generated rules?

thank you.

15

General Discussion / Better way to review Firewall logs

« on: September 08, 2020, 09:02:13 pm »

Viewing fw logs within Opnsense is pretty rudimentary as search queries don't save when you leave the page, and there is no NOT selection, etc

I'm curious how people are parsing fw logs and if there's a plugin or another software (linux or FreeBSD) that is commonly used?  I suppose I could use awk or grep, however I'd prefer GUI over shell.